AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface. Runtime network activity is explicit Redmine API access configured by the consumer, with metadata endpoints blocked.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Consumer calls `RedmineClient.fromEnv` and invokes a Redmine client method.
Impact
Reads Redmine data available to the supplied credentials; no unrelated exfiltration or local mutation is present.
Mechanism
Validated GET requests to configured Redmine REST endpoints using the configured API key.
Rationale
Static hints reflect a legitimate Redmine client using environment configuration and network requests. Source inspection shows the cloud-metadata references are denylisted validation checks, not requests, and no concrete malicious behavior is present.
Evidence
package.jsondist/config.jsdist/http.jsdist/client.jsdist/issues.jsdist/index.jsdist/mask.jsdist/errors.js
Network endpoints2
169.254.169.254metadata.google.internal
Decision evidence
public snapshotAI called this Clean at 99.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- `package.json` has no lifecycle hooks or executable bin entry.
- `dist/index.js` only re-exports library APIs; import does not initiate requests.
- `dist/config.js` requires caller-provided Redmine URL/key and rejects metadata/link-local hosts.
- `dist/http.js` sends GET requests only to the configured Redmine base URL with its supplied API key.
- `dist/http.js` reads only an optional caller-configured CA certificate and masks the API key in errors.
- No child-process, eval, dynamic loading, persistence, destructive write, or agent-control code found.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/config.jsView file
4const LOCAL_HTTP_HOSTS = new Set(["localhost", "127.0.0.1", "redmine"]);
L5: function isPrivateIpv4(host) {
L6: const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
...
L34: }
L35: export function loadConfig(env = process.env) {
L36: const urlRaw = env.REDMINE_URL?.trim();
...
L52: message: `Invalid REDMINE_URL: ${urlRaw}`,
L53: check: ["Use an absolute URL like https://redmine.example.com"],
L54: });
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/config.jsView on unpkg · L4•matchType = previous_version_dangerous_delta
matchedPackage = redmine-devrelay-client@0.1.0
matchedIdentity = npm:cmVkbWluZS1kZXZyZWxheS1jbGllbnQ:0.1.0
similarity = 0.857
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/config.jsView on unpkgFindings
2 High2 Medium4 Low
HighCloud Metadata Accessdist/config.js
HighPrevious Version Dangerous Deltadist/config.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings